Standard
Posted: 09/05/07
CIS 1116 – Security Policies and Procedures
This course provides knowledge and experience to develop and
maintain security policies and procedures. Students will explore the legal and
ethical issues in information security and the various security layers:
physical security, personnel security, operating systems, network, software,
communication and database security. Students will develop an Information
Security Policy and an Acceptable Use Policy.
Students will discuss the ethical and legal issues in information security and
the steps in determining security needs; identify the various layers of
security needed in an organization, the components of a security plan, and the
steps to implement and maintain a security plan; and develop an Information
Security Policy and an Acceptable Use Policy.

Competency Areas:
Discuss the ethical issues in information security
Discuss the legal issues in information security
Discuss the steps in determining security needs
Identify the various layers of security needed in an organization
Identify the components of a security plan
Identify the steps to implement and maintain a security plan
Develop an Information Security Policy
Develop an Acceptable Use Policy

Hours:
Class: 5
D. Lab: 0
P. Lab/O.B.I.: 0
Credit: 5

Prerequisite: ((CIS 1140 or CIS 2321) and an operating systems class) or advisory approval
Corequisite:

Course Guide

Each competency below lists its hours (Class, D. Lab, P. Lab/O.B.I.), followed by what the student will do after completing the section.

DISCUSS THE ETHICAL ISSUES IN INFORMATION SECURITY
Hours: Class 6, D. Lab 0, P. Lab/O.B.I. 0
Define ethics
List ethical issues in information security
List professional organizations of interest to information security professionals
Discuss the role of a code of ethics for information security professionals

DISCUSS THE LEGAL ISSUES IN INFORMATION SECURITY
Hours: Class 6, D. Lab 0, P. Lab/O.B.I. 0
List different types of law (civil, criminal, tort)
Cite recent laws and cases involving information security
Discuss privacy, individual rights and free speech issues
Discuss legal evidence collection and search warrants

DISCUSS THE STEPS IN DETERMINING SECURITY NEEDS
Hours: Class 8, D. Lab 0, P. Lab/O.B.I. 0
Define risk assessment and risk management
Discuss how to form a team for security analysis
Identify assets and their values
Identify threats, their probability and cost

IDENTIFY THE VARIOUS LAYERS OF SECURITY NEEDED IN AN ORGANIZATION
Hours: Class 7, D. Lab 0, P. Lab/O.B.I. 0
List security concerns with hardware, software, data, people
List security issues with physical security, personnel, operating systems, communications, access, documentation and systems/software development

IDENTIFY THE COMPONENTS OF A SECURITY PLAN
Hours: Class 7, D. Lab 0, P. Lab/O.B.I. 0
Discuss at least one published security model (such as ISO, VISA or NIST)
Discuss contents of a general organizational security program statement or policy
List types of security policies that are issue specific and distributed to users (such as passwords, e-mail, and acceptable/remote use)
List types of security standards and procedures that are used to configure or maintain a system (such as access control lists and configuration rules)
Discuss items included in an Incident Reporting Plan, a Disaster Recovery Plan, and a Business Continuity Plan

IDENTIFY THE STEPS TO IMPLEMENT AND MAINTAIN A SECURITY PLAN
Hours: Class 6, D. Lab 0, P. Lab/O.B.I. 0
Discuss importance of security training and education
Discuss security management model (such as ISO network management model or security systems development life cycle)
Discuss issues involving compliance and enforcement

DEVELOP AN INFORMATION SECURITY POLICY
Hours: Class 5, D. Lab 0, P. Lab/O.B.I. 0
Prepare a general security policy for a business that supports the mission, vision, and direction of the business and sets the tone of security efforts within the organization.

DEVELOP AN ACCEPTABLE USE POLICY
Hours: Class 5, D. Lab 0, P. Lab/O.B.I. 0
Prepare an acceptable use policy that covers at least two “issue specific” security areas, such as company computer usage, e-mail, remote access, passwords, hardware configurations for protection against worms/viruses, etc.

Suggested Resources
Books:
Principles of Information Security, ISBN: 0-619-21625-5, Whitman, Mattord, Course Technology